The U.S. Department of Homeland Security has reaffirmed a $1 billion contract won by Raytheon Co. to protect the networks of dozens of federal agencies from cyber threats over protests by competitors.
Raytheon was picked in September as the prime contractor and systems integrator for the department’s Network Security Deployment division, which oversees cybersecurity for more than 100 federal civilian agencies.
After completing "corrective actions" following questions from the Government Accountability Office, Homeland Security last week reaffirmed Raytheon as its pick, according to Jack Harrington, vice president for cybersecurity and special missions at Raytheon Intelligence, Information and Services.
"It’s providing all of the infrastructure, all of the kind of capabilities" that will be deployed "to all of these agencies to help protect .gov," Harrington said in an interview Monday at his office in Sterling, Virginia.
A Department of Homeland Security spokesman said that the agency reaffirmed on June 2 its decision to award the contract. The deal will provide services to operate and maintain the department’s breach detection and prevention system, known as Einstein, and develop new cybersecurity capabilities, the spokesman said.
Raytheon rose less than 1% to $134.78 at 2:36 p.m. New York time, its highest since July 29, 1980.
Beefing up online security has become a priority for government agencies and companies after repeated cyber attacks. Last year, the Office of Personnel Management experienced a breach traced to hackers in China that compromised data on 21.5 million individuals.
"If you think about the federal agencies, many of them have been underserved because of budgets. When you think about even OPM their mission is not cybersecurity, their mission is getting people cleared," Harrington said. "This whole cybersecurity thing is a new element, and a hard element for a lot of these agencies who have budgets for many, many years that didn’t include IT security."
In a January report, the Government Accountability Office said Homeland Security’s National Cybersecurity Protection System "provides DHS with a limited ability to detect potentially malicious activity entering and exiting computer networks at federal agencies." It raised concerns about the system’s ability to monitor network traffic and address threats.
Raytheon, which says it has invested more than $3.5 billion in building its cybersecurity services, will "support DHS in providing those capabilities out to those agencies," Harrington said.
The company already works with Homeland Security as a liaison, sharing classified cyberthreat intelligence with the private sector. Raytheon also shares threat indicators it finds with the Defense Department and within the defense industry, but not all companies are ready to do so. The defense and financial industries are further along in cyber information-sharing, Harrington said. Retail industry groups have approached Raytheon about how they can start providing cyber intelligence, he said.
"There are those who find it complicated: ‘’Do I want to provide my data to the government? Do I want provide my data to my competition? What if I release private, personal identifiable information?’" Harrington said. "There’s a lot of concerns that people have around privacy, that people have around lawsuits and litigation."
Current debates over encryption meant to protect data have underscored those questions. After the FBI seized an iPhone used by a shooter involved in a terrorist attack in December, the agency was initially unable to crack its password protections. A federal judge ordered Apple to create new software to get past this encryption. Apple refused, saying this could threaten the data security of all its customers.
Maintaining cyber capabilities within the government also has been a challenge. U.S. Air Force and Navy program managers haven’t yet made “big moves” to incorporate cybersecurity requirements into bid documents or contract selections, Harrington said.
“Both the services have been looking at it very hard from the requirement side, as to how do they articulate that and what’s good enough, and how do you measure it and how much money do they have to pay for it," Harrington said. “But we haven’t seen it come out as a big, major shift.”